Docstoc

OS

Document Sample
OS Powered By Docstoc
					Authentication and Authorization in
Grid Middleware

Implementation of Grid CA and
      Security Module

                 Hannam Univ.
              Prof. Jae Kwang, Lee
           jklee@netwk.hannam.ac.kr


                                      HANNAM Univ.
                                 Network Lab.




  Contents
 Research Area

 Project Objective

 Activities

 Plan & Result

 Research Trend

 Modeling of Grid CA

 Implementation of Grid CA

 Conclusion

                              HANNAM Univ.   2
                                                                                                                                                                                  Network Lab.




Research Area
   Problem                                                                    Common Problem Solving Environment
   Solving
 Environment                                                                                          Grid enabled libraries


 Application
Development          MPICH-G                                                                                                                                                 CORBA
  Support                                                                                                                                                                   Java/Jini




                                                                                uniform data access




                                                                                                                                                                        remote instrument
                                        uniform access to




                                                                                                                                                  Security services



                                                                                                                                                                        Collaboration and
                     Grid Information




                                                            co-scheduling




                                                                                                                                authentication
                                                                                                                                 authorization
     Grid
                                             resource




                                                                                                                                                                             services
                         Service




   Common
                                                                                                                                                                        ……
   Services




                  resources             resources                           resources                     resources            resources              resources                  resources
Local Resources
                  managers              managers                            managers                      managers             Managers               Managers                   Managers

                                                                                                                                monitor                     transport                   QoS
                                           tertiary                          on-line                      scientific
                    CPUs
                                           storage                           storage                     instruments                             Communication
                                                                                                                                                   Services




                                                                                                                                                                      HANNAM Univ.            3
                                                                                Network Lab.




 Project Objective
 A Project Aim

  ■   Supporting Grid Security Service for User Authentication
      with Grid CA

 The Contents of Project
                         • Study of Grid Security Protocol
                         -   PKIX(Public Key Infrastructure based X.509)
                         -   X.509 v3 Certificate/X.509 v2 CRL
                         -   PKCS(Public Key Cryptography Standards)
                         -   CMP(Certificate Management Protocol)
   Contents of Project
                         -   CRMF(Certificate Request Message Format)
                         -   OGSA(Open Grid Security Architecture)
                         -   GSI3 : Security Grid Services


                         • Design of the framework of Grid Authentication Service


                                                                           HANNAM Univ.    4
                                                                                    Network Lab.




 Project Objective
 The Contents of Project

                         • Design and Implementation of Grid CA
                         - Based X.509 v3 certificate & X.509 v2 CRL
                         - Supports CPS(Certificate Policy Syntax) with DB

   Contents of Project
                         • Design of Grid Security Service Architecture
                                           •
                         - Security policy establishment
                         - Study of security communication module and delegation module
                         - Design of security service architecture




                                                                               HANNAM Univ.    5
                                                                       Network Lab.




Activities
                                                           Implement of
     Analysis of GSI        Analysis of GSI Protocol
                                                       GSI Security Services


     Authentication                 X.509

                                                            SSL-K5
Communication Protection      SSL/TLS Protocol


      Authorization            TLS Delegation

                                                             K5Cert


       Analysis of
                             Stydy of GSI Protocol
   Standard Document
                                                         Authentication/
                                                          Authorization
        Kerberos              Design Of Grid CA         Based Certificate


          TLS
                           Implementation of Grid CA
                                                         Extended Grid
                                                        Security Services
          PKIX
                               Extended Grid CA
                                   Services

      First Year                Second Year               Third Year


                                                             HANNAM Univ.         6
                                                                                                         Network Lab.




Plan & Result
               monthly required         1/4              2/4                  3/4            4/4
                                                                                                           note
contents                            1   2     3     4     5       6       7   8     9   10   11     12

Study of Grid Security Protocol

Design of authentication system
based certificate
Implementated of authentication
system based certificate

Design of Grid CA


Implementated of Grid CA

Design of extend grid
authentification system framework

              Report




                                                               Previous
                                                                                                         After
                                        - A Study of Standard Documents
                                        - Design and Implemented of Grid CA Modules                - 보고서 작성



                                                                                                   HANNAM Univ.     7
                                                         Network Lab.




 Plan & Result
 Implementation of Grid CA

  ■   Implementing CA based Globus 3.0
  ■   Functional modeling to be supported in Grid CA
  ■   Implementing Certificate Management Module
  ■   Implementing Security Service Module in Grid CA
  ■   Grid CA Testbed
       ▶ With the plan to support from gridsecurity.hannam.ac.kr
  ■   Design of Grid Security Service based XML
       ▶ Data Protection Service
       ▶ End User Security Service




                                                      HANNAM Univ.   8
                                                                                                                                Network Lab.




 Research Trend
                                                                                                       Functional of Grid CA :
 GSI in Action                                                                                        - Certificate Management
                                                                                                       - Proxy Certificate
                                                                                                       Generated
                                                                            Host                       - Grid CA Security Service


                                    User Credential
                                        Create
               User                                            User Proxy


                                       User credential
                                                                             Proxy Certificate




                                                                                           Remote Resource Allocate



      Site 1                                                                                 Site 2
                             Global-to-local Mapping Table

               Resource                                                            Global-to-local Mapping Table      Resource
               Certificate                                                                                            Certificate
  Resource                                                                                                                           Resource
    Proxy                          Process                                                       Process                               Proxy
  Credential                                                 Resource Allocate                                                       Credential

           Local policy       Delegated credential                                         Delegated credential       Local Policy
              And                                                                                                        And
           Mechanism                                                                                                  Mechanism




                                                                                                                         HANNAM Univ.             9
                                                             Network Lab.




 Research Trend
 Grid CA

  ■   Definition
       ▶ Grid CA(Certificate Authority) is service that grants
         security certificates to users and services so they can
         authenticate each other within a security infrastructure
  ■   Community and Applicability
       ▶ Certificate Authorities
       ▶ Registration Authorities
       ▶ End Entities(Grid User)
       ▶ Person Certificate(Proxy certificate)
       ▶ Service Certificate(computer resources) –Not yet.




                                                        HANNAM Univ. 10
                                                      Network Lab.




 Research Trend
 Obligations of Grid CA

  ■   Accept certification requests from grid users
  ■   Issue certificates based on the requests from
      authenticated grid users
  ■   Notify the subscriber of the issuing of the certificate
  ■   Publish the issued certificates
  ■   Accept revocation requests according to the procedures
      outlined in Grid CA CPS
  ■   Issue a CRL(Certificate Revocation List)
  ■   Publish the issued CRL
  ■   Keep audit logs of the certificate issuance process


                                                   HANNAM Univ. 11
                                                          Network Lab.




 Research Trend
 Research of Grid CA

  ■   Based OpenSSL
       ▶ OpenSSL + Web Services
       ▶ Simple Certificate management service used package in
         Globus
       ▶ The recent most version is adding CRL module & services
  ■   Based OpenCA
       ▶ Research of Grid CA based OpenCA
       ▶ Certificate & CRL generation/management with OpenSSL
       ▶ Certificate request message generation and management
        based PKCS #11




                                                       HANNAM Univ. 12
                                                                                    Network Lab.




 Research Trend
 OpenSSL(Globus Toolkit)

                      Web page access

                                                  Certificate Request :
                                                  -command use based Globus Toolkit
 Grid User         View of certificate list or    -Used OpenSSL command
                       commnad result

                                                 Globus grid-cert-request or OpenSSL




             Certificate Response :
             -Certificate of singed format
                                                                          Globus
                                                                          Toolkit


                                                                            HANNAM Univ. 13
                                                                                                                    Network Lab.




 Research Trend
 OpenCA
                                                                      Certificate Request :
               Web page access                                        -PKCS #10 Format          Task Manager :
                                                                                                 OCSP
                                                                                                 OpenSSL
                                                                                                 LDAP
                                                                                                 Certificate & CRL
 Grid User   View of certificate list or                                                         Java Web Server
                 commnad result



                                                                           OpenSSL & Demon
                            Certificate List :
                                                                              command                                Result
                            -Search of Certificate & CRL
                            -View of Certificate & CRL


                                                                            Certificate Store
                                                                               & Publising
                                                           Database




                                                                                                          Grid CA



                                                                                                           HANNAM Univ. 14
                                                          Network Lab.




 Modeling of Grid CA
 An essential particular for Grid CA construct

  ■   Implementing relative modules based Java API
  ■   Constructing Grid CA based servlet using Java Web
      Server
  ■   Generating Certificates and supporting cryptic functions
      using CryptoAPI
  ■   Using EJB(Enterprise Java Beans)
       ▶ Constructing each modules related Grid CA into
         components
       ▶ Easily modifying and deleting each modules
       ▶ Generating and managing certificate and CRL
  ■   Publishing certificate using LDAP
  ■   Grid CA Security Service Module
                                                       HANNAM Univ. 15
                                                                                                          Network Lab.




 Modeling of Grid CA
 Workflow
                                                                        5. The Certificate Request is sent to Grid CA
                                                                        6. Grid CA issues certificate
                                                                        7. Send notice to Grid User
                                                                6       8. Grid User picks up new certificate
                                                                        9. Publishing Certificate

                               5




                                                      Grid CA
                                                                             9

 1   2      3    4
                                        7



                         Certificate
                                       1. Access Grid CA Webpage
                                       2. Allow access                                          LDAP

     Grid User       8                 3. Request certificate
                                       4. A notice request has been queued



                                                                                                      HANNAM Univ. 16
                                                                                                 Network Lab.




 Modeling of Grid CA
 Dataflow

                                     Grid CA Module
                       (Certificate & CRL Creation, Certificate Management,)


         CRMF
       (Certificate                                                             Certificate
        Request
     Message Format)




                                    Grid CA WebSite
                         (Certificate & CRL List, User Management, etc..)



         http post                                                             http response
         message                                                                 message




                                    Access Browser




                                                                                              HANNAM Univ. 17
                                                                                                         Network Lab.




 Modeling of Grid CA
 Management Modules
                                   User
   Logging
                                Management
   Module
                                  Module




                                  Request &                            Certificate
                                                                                                Store & Publisher
                                  Response                           Creation & Sign
                                                                                                     Module
                                   Module                                Module




                                                      Certificate                       CRL
                                                       Module                          Module
               Request :
               Certificate Request Message Format
               public key + default key
               Response :                                               Certificate
               Result of Certificate creation                           Database
                                                Search :
                                                SubjectDN & Serial Number
                                                Response :
                                                Certificate
   Grid User
                                                                                                     LDAP



                                                                                                   HANNAM Univ. 18
                                                               Network Lab.




 Modeling of Grid CA
 Architecture Tier
  Web Client       Web Module Tier        CA Module Tier    Certificate Data
                                                                   Tier
               Web Site              Grid CA


                     Apply Module          User Module
                       Certificate
                                            User Data
                    Request Module
                                          (java & bean)
                      (jsp & java)

                                        User Management         Local
                   Response Module
                                             Module            Database
                      (jsp & java)
                                          (java & bean)



                                               CA Module
                    WebSite Module
                       Content             Auth Module
                     Management           (java & bean)
                     (jsp & java)

                       Certificate         CRL Module
                          List            (java & bean)
                      (jsp & java)
  Grid User
                                           Sign Module
                                          (java & bean)

                                                                 LDAP
                                          Store Module
                                                              Repository
                                          (java & bean)




                                                           HANNAM Univ. 19
                                                                                                   Network Lab.




 Modeling of Grid CA
 Security Service(ACLs)
                       User Access

                                               Invocation of OPEN Command

  Grid CA         Access Control Module :
 Web Module          File Name & Mod
                                                                                                 Site boundary

 Grid CA System
                       Execute open                       Access
                        Sequence                          Denied
                                                                    Access Permission
                                                                        Mismatch

                       Call Access
                       Control List
       Proceed                                             Verify                                 Access
                                                                                  -ACLs
         with                                             Request                                 Control
                                                                             -File Permission
        Access                                             File &                                Mechanism
                                                                            -Demon Permission
       Request                                            Demon
                          Access
                         Approved
                                      Access Permission
                                           Match




                                                                                                HANNAM Univ. 20
                                                                 Network Lab.




 Modeling of Grid CA
 Security Service(Log)

                                 Site Boundary

         Grid CA Administrator




                                                    Internet




                                        Grid User    Grid User     Grid User


              Grid CA Log List


                                                             HANNAM Univ. 21
                                                                                                                           Network Lab.




 Implementation of Grid CA
 Grid CA Certificat
                                                                  Certificate:
   Certificate:
                                                                    Data:
     Data:
                                                                        Version: 1 (0x0)
         Version: 1 (0x0)
                                                                        Serial Number:
         Serial Number: 98 (0x62)
                                                                           05:60:a5:62:10:39:f8:d4
         Signature Algorithm: md5WithRSAEncryption
                                                                        Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=KR, O=Globus, CN=KISTI Supercomputing
                                                                        Issuer: CN=ROOT, OU=CE, O=Hannam, C=KR
         Validity
                                                                        Validity
            Not Before: Apr 3 07:58:47 2003 GMT
                                                                           Not Before: Sep 18 01:04:58 2003 GMT
            Not After : Apr 2 07:58:47 2004 GMT
                                                                           Not After : Sep 17 01:14:58 2004 GMT
         Subject: O=Grid, O=Globus, OU=hannam, CN=Network Lab.
                                                                        Subject: CN=ROOT, OU=CE, O=Hannam, C=KR
         Subject Public Key Info:
                                                                        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                                                                           Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                                                                           RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                                                                               Modulus (1024 bit):
                  00:9e:b8:1b:d3:1b:09:cd:1c:06:2c:1c:eb:9f:48:
                                                                                 00:82:61:c4:a1:c1:24:04:cc:9b:ed:f3:c1:d3:ea:
                  67:44:be:68:7b:85:a2:5d:e6:ad:75:56:08:fe:ec:
                                                                                 d2:10:57:6d:e8:a8:6d:23:2a:1f:0b:f2:61:06:57:
                  b4:b1:15:44:c0:4b:7a:af:fa:99:fc:2f:7a:64:d7:
                                                                                 30:34:80:7a:a4:c0:f2:24:d3:6a:1d:98:28:29:f7:
                  4f:56:5b:12:77:a7:7b:3f:c3:61:e5:8d:9d:71:77:
                                                                                 d6:bd:20:2e:69:a9:87:c7:bc:be:73:a1:a3:98:a9:
                  c8:0e:d6:6a:f7:ee:9e:00:93:bb:52:9c:94:94:2e:
                                                                                 c3:a1:47:77:44:39:34:d2:d7:d5:1d:41:64:8b:0d:
                  a6:bd:91:5d:5c:d9:bc:b5:94:b0:e2:4b:de:f1:d9:
                                                                                 5d:ba:b7:67:c4:1b:b5:57:45:7e:66:51:a6:7f:f6:
                  ae:65:cc:96:b1:60:3f:e3:8e:0f:39:37:d1:7b:96:
                                                                                 a0:ae:5b:d4:ae:df:98:bb:af:cc:9a:2e:72:d0:a7:
                  d2:cf:41:34:87:a6:f8:88:91:54:12:c3:bc:16:e6:
                                                                                 4e:80:85:d0:f4:34:cc:6d:94:7e:cb:40:68:20:e9:
                  7c:63:61:c1:b4:85:c0:26:4d
                                                                                 af:0d:c4:e9:4c:28:fb:ea:7b
                Exponent: 65537 (0x10001)
                                                                               Exponent: 17 (0x11)
     Signature Algorithm: md5WithRSAEncryption
                                                                    Signature Algorithm: sha1WithRSAEncryption
         1a:74:71:d9:31:9d:d5:c7:ac:d6:e5:6b:0d:e8:4a:bc:d3:b3:
                                                                        19:7c:df:65:61:1f:9d:ee:1c:cb:87:d6:dc:b6:19:f1:7e:3e:
         9f:40:f6:ec:1a:08:8a:a0:97:3c:e4:e7:b8:b3:cc:31:66:30:
                                                                        e9:a0:e7:0f:37:fa:0d:ec:fb:14:1d:10:ae:b5:f3:fe:51:7a:
         bb:fc:89:e4:0a:e6:aa:a3:f1:cf:b6:52:9d:31:00:84:52:fb:
                                                                        7b:05:43:04:01:b0:c1:b7:a4:58:6a:1e:2a:53:5c:59:41:82:
         06:9b:7f:d4:20:1a:03:e9:5b:cc:f2:f9:3c:bf:8d:aa:39:2e:
                                                                        3e:55:26:73:77:03:ae:bf:08:27:1e:b4:8d:30:39:84:04:ce:
         71:37:f8:27:6d:f5:7d:39:98:bb:8c:99:79:1c:8e:98:df:73:
                                                                        db:a3:c6:d7:da:86:bc:cb:64:24:3a:d4:73:71:2e:86:d1:1d:
         c3:92:88:aa:ac:bd:f3:4d:fa:1b:a5:89:ff:7d:f1:03:7d:a6:
                                                                        4a:49:73:d7:e4:be:29:d1:00:a2:2e:83:b0:72:84:6a:89:3e:
         23:b0:bc:15:bf:00:29:24:e4:ec:84:00:80:6f:73:98:a9:09:
                                                                        49:0d:11:01:07:1b:02:47:fc:de:40:dc:6c:44:a7:b0:45:28:
         4b:e6
                                                                        34:7b

                    Globus CA Certificate v1                                         Grid CA Certificate v1

                                                                                                                    HANNAM Univ. 22
                                                                                                                                                   Network Lab.




 Implementation of Grid CA
 Grid CA Certificate
  Certificate:                                                     0:d=0 hl=4 l= 602 cons: SEQUENCE
                                                                      4:d=1 hl=4 l= 535 cons: SEQUENCE
    Data:                                                             8:d=2 hl=2 l= 3 cons: cont [ 0 ]
                                                                     10:d=3 hl=2 l= 1 prim: INTEGER       :02
        Version: 3 (0x2)                                             13:d=2 hl=2 l= 6 prim: INTEGER       :DDBB58B378
        Serial Number:                                               21:d=2 hl=2 l= 11 cons: SEQUENCE
                                                                     23:d=3 hl=2 l= 7 prim: OBJECT        :1.2.888.10000.4.4
           75:f4:e6:aa:d7:b9:33:fd                                   32:d=3 hl=2 l= 0 prim: NULL
        Signature Algorithm: sha1WithRSAEncryption                   34:d=2 hl=2 l= 61 cons: SEQUENCE
                                                                     36:d=3 hl=2 l= 11 cons: SET
        Issuer: CN=ROOT, O=Hannam, C=KR                              38:d=4 hl=2 l= 9 cons: SEQUENCE
                                                                     40:d=5 hl=2 l= 3 prim: OBJECT        :countryName
        Validity                                                     45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :KR
           Not Before: Sep 1 10:59:05 2003 GMT                       49:d=3 hl=2 l= 13 cons: SET
                                                                     51:d=4 hl=2 l= 11 cons: SEQUENCE
           Not After : Aug 31 11:09:05 2005 GMT                      53:d=5 hl=2 l= 3 prim: OBJECT        :organizationName
        Subject: CN=Network, OU=Globus, O=Grid, C=KR                 58:d=5 hl=2 l= 4 prim: PRINTABLESTRING :ETRI
                                                                     64:d=3 hl=2 l= 13 cons: SET
        Subject Public Key Info:                                     66:d=4 hl=2 l= 11 cons: SEQUENCE
                                                                     68:d=5 hl=2 l= 3 prim: OBJECT        :organizationalUnitName
           Public Key Algorithm: rsaEncryption                       73:d=5 hl=2 l= 4 prim: PRINTABLESTRING :ETRI
           RSA Public Key: (512 bit)                                 79:d=3 hl=2 l= 16 cons: SET
                                                                     81:d=4 hl=2 l= 14 cons: SEQUENCE
               Modulus (512 bit):                                    83:d=5 hl=2 l= 3 prim: OBJECT        :commonName
                  00:97:e0:ce:3f:dc:9a:fa:6e:be:75:d5:3c:69:9d:      88:d=5 hl=2 l= 7 prim: PRINTABLESTRING :ETRI CA
                                                                     97:d=2 hl=2 l= 26 cons: SEQUENCE
                  9a:09:2f:9c:1e:8b:9d:1e:af:3a:d3:53:d5:e9:b6:      99:d=3 hl=2 l= 11 prim: UTCTIME       :0003060822Z
                                                                  203:d=4 hl=3 l= 156 cons: SEQUENCE
        Exponent: 17 (0x11)                                         206:d=5 hl=2 l= 65 prim: INTEGER        :0C09863C60E7642098871F83E5E3D9DCE5C6484DEF925355AFA395
        X509v3 extensions:                                          273:d=5 hl=2 l= 21 prim: INTEGER        :AEBD2FE880C2AECEF8DFAD84DF32764DC52BAC3B
                                                                    296:d=5 hl=2 l= 64 prim: INTEGER        :2EA16787425C9CEC65379E7FEB9CE4D3A4DBA7170AC40EDED588
           X509v3 Basic Constraints: critical                       362:d=3 hl=2 l= 67 prim: BIT STRING
               CA:FALSE                                             431:d=2 hl=2 l= 110 cons: cont [ 3 ]
                                                                    433:d=3 hl=2 l= 108 cons: SEQUENCE
           X509v3 Key Usage: critical                               435:d=4 hl=2 l= 18 cons: SEQUENCE
                                                                    437:d=5 hl=2 l= 3 prim: OBJECT         :X509v3 Basic Constraints
               Digital Signature, Key Encipherment                  442:d=5 hl=2 l= 1 prim: BOOLEAN          :1
           X509v3 Extended Key Usage:                               445:d=5 hl=2 l= 8 prim: OCTET STRING
                                                                    455:d=4 hl=2 l= 29 cons: SEQUENCE
               TLS Web Server Authentication, TLS Web Client        457:d=5 hl=2 l= 3 prim: OBJECT         :X509v3 Subject Key Identifier
           X509v3 Subject Key Identifier:                           462:d=5 hl=2 l= 22 prim: OCTET STRING
                                                                    486:d=4 hl=2 l= 24 cons: SEQUENCE
               60:8F:AA:5C:B0:8C:31:8C:64:0C:B5:3A:C6:5E:B          488:d=5 hl=2 l= 3 prim: OBJECT         :2.45.29.14
                                                                    493:d=5 hl=2 l= 1 prim: BOOLEAN          :1
          X509v3 Authority Key Identifier:                          496:d=5 hl=2 l= 14 prim: OCTET STRING       :750409-1422222
               keyid:13:70:D4:54:AF:4F:A7:C4:26:86:B2:C9:73:        512:d=4 hl=2 l= 29 cons: SEQUENCE
                                                                    514:d=5 hl=2 l= 3 prim: OBJECT         :X509v3 Subject Alternative Name
    Signature Algorithm: sha1WithRSAEncryption                      519:d=5 hl=2 l= 1 prim: BOOLEAN          :1
        23:64:b4:c6:17:10:11:c7:ff:1c:c2:b4:57:72:bf:d9:f0:05:      522:d=5 hl=2 l= 19 prim: OCTET STRING
                                                                    543:d=1 hl=2 l= 11 cons: SEQUENCE
                                                                    545:d=2 hl=2 l= 7 prim: OBJECT         :1.2.888.10000.4.4
                                                                    554:d=2 hl=2 l= 0 prim: NULL
                                                                    556:d=1 hl=2 l= 48 prim: BIT STRING

                       Grid CA Certificate v3
                                                                                         Grid CA Certificate v3 ASN.1


                                                                                                                                        HANNAM Univ. 23
                                              Network Lab.




 Implementation of Grid CA
 Grid CA Function

  ■   Certificate Management
       ▶ Certificate Generating
            Host Generating
            CA Server Generating
       ▶ Certificate Revocation
            Issuer DN
            Serial Number
       ▶ Certificate View
            Certificate Viewer
            Certificate List
            Certificate Revocation List
       ▶ Certificate Verification


                                           HANNAM Univ. 24
                                                       Network Lab.




 Implementation of Grid CA
 Grid CA Fuction
  ■   Service Management
       ▶ CA Function
           Basic Function
           Certificate Profile Management
       ▶ RA Function
           End Entity Profile Management
           End Entity Addition
           End Entity List and Management
  ■   Server Security Service
       ▶ Log Function
            Log Viewer
            Construction of Log Information
       ▶ System Protection
            System Configuration
            Setting of Administrator Information
            Access Control List


                                                    HANNAM Univ. 25
                                     Network Lab.




 Implementation of Grid CA
 Certificate Generating & List




                                  HANNAM Univ. 26
                                        Network Lab.




 Implementation of Grid CA
 End Entity Management & Log View




                                     HANNAM Univ. 27
                                                       Network Lab.




 Conclusion
 Grid CA
  ■   Subject issuing and managing Grid user certificates
  ■   Approaching Grid resources with certificates

 The results of research
  ■   A study on technologies and standards related with Grid
      CA
  ■   Setting the scope and form the services supporting in
      Grid CA
  ■   Implementing of Grid CA service modules
  ■   Implementing of Grid CA based Globus
  ■   Implementing of Grid CA security service modules
  ■   Design of Grid Security Service based XML
                                                    HANNAM Univ. 28
Thank you…


             Q&A
   mailto: jklee@netwk.hannam.ac.kr




                                 HANNAM Univ.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:9
posted:10/2/2011
language:English
pages:29